Vulnerability Details : CVE-2010-3495
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3495
Probability of exploitation activity in the next 30 days: 3.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3495
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-3495
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3495
-
http://www.openwall.com/lists/oss-security/2010/09/09/6
oss-security - CVE Request -- Python -- accept() implementation in async core is broken => more subcases
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024
-
https://bugs.launchpad.net/zodb/+bug/135108
Bug #135108 “mac osx socket.accept return None instead of """ : Bugs : ZODB
-
http://bugs.python.org/issue6706
Issue 6706: asyncore's accept() is broken - Python trackerPatch
-
http://www.openwall.com/lists/oss-security/2010/09/24/3
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
-
http://www.openwall.com/lists/oss-security/2010/09/22/3
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
-
http://pypi.python.org/pypi/ZODB3/3.10.0#id1
ZODB3 · PyPI
-
http://www.openwall.com/lists/oss-security/2010/09/11/2
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
Products affected by CVE-2010-3495
- cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0c1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.6:*:*:*:*:*:*:*